package com.ui.basic.controller.stduser;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.jsecurity.SecurityUtils;
import org.jsecurity.mgt.SecurityManager;
import org.jsecurity.session.Session;
import org.jsecurity.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.validation.BindingResult;
import org.springframework.validation.Validator;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.servlet.ModelAndView;

import com.common.basic.base.BaseController;
import com.common.basic.util.Globals;
import com.ui.basic.command.CommandChangePswd;
import com.ui.basic.ibatis.dao.CommonDAO;
import com.ui.basic.ibatis.dao.system.TblSUserDAO;
import com.ui.basic.ibatis.model.system.TblSUser;


public class ChangePassword extends BaseController {
	private static final transient org.apache.commons.logging.Log LOGGER = org.apache.commons.logging.LogFactory
			.getLog(ChangePassword.class);
	private SecurityManager manager;
	private Validator validator;
	private TblSUserDAO userDAO;
	private CommonDAO commonDAO;

	@Autowired
	public void setManager(SecurityManager manager) {
		this.manager = manager;
	}

	@Autowired
	public void setValidator(Validator validator) {
		this.validator = validator;
	}

	@Autowired
	public void setUserDAO(TblSUserDAO userDAO) {
		this.userDAO = userDAO;
	}

	@Autowired
	public void setCommonDAO(CommonDAO commonDAO) {
		this.commonDAO = commonDAO;
	}

	public ModelAndView showForm() {
		LOGGER.debug("***ChangePassword.showForm()");

		// security validation
		if (!(Boolean) SecurityUtils.getSubject().getSession().getAttribute(
				Globals.ERROR_REQUESTED_LINK)) {
			LOGGER.error("ERROR - security validation");
			return null;
		}

		Subject currentUser = SecurityUtils.getSubject();
		Session session = currentUser.getSession();
		TblSUser tbMUser = (TblSUser) session.getAttribute(Globals.USER_KEY);

		ModelAndView view = new ModelAndView("changepswd.form");
		CommandChangePswd commandChangePswd = new CommandChangePswd();
		commandChangePswd.setId(tbMUser.getId());

		view.addObject(commandChangePswd);

		return view;
	}

	public String processForm(
			final HttpServletRequest request,
			@ModelAttribute("commandChangePswd") CommandChangePswd commandChangePswd,
			BindingResult result) {
		LOGGER.debug("***ChangePassword.processForm()");

		// security validation
		if (!(Boolean) SecurityUtils.getSubject().getSession().getAttribute(
				Globals.ERROR_REQUESTED_LINK)) {
			LOGGER.error("ERROR - security validation");
			return null;
		}

		validator.validate(commandChangePswd, result);
		if (result.hasErrors()) {
			return "changepswd.form";
		}

		Subject currentUser = SecurityUtils.getSubject();
		Session session = currentUser.getSession();

		TblSUser user = (TblSUser) session.getAttribute(Globals.USER_KEY);

		try {
			if (!user.getPassword().equals(commandChangePswd.getCurPassword())) {
				List<String> msgList = new ArrayList<String>();
				msgList.add(getMessage(request, "error.wrongOldPassword"));
//				commandChangePswd.setMsgList(msgList);
				return "changepswd.form";
			}

			user = new TblSUser();
			user.setId(commandChangePswd.getId());
			user.setPassword(commonDAO.convertMD5(commandChangePswd.getPassword()));
			user.setChangedby((String) (manager.getSubject().getSession()
					.getAttribute(Globals.CURRENT_USER_NAME)));
			user.setChangeddate(new Date());

			try {
				userDAO.updateByPrimaryKeySelective(user);
			} catch (SQLException e) {
				LOGGER.debug("***SQL Code == " + e.getErrorCode());
				return "changepswd.form";
			}

			user = userDAO.selectByPrimaryKey(commandChangePswd.getId());
			session.setAttribute(Globals.USER_KEY, user);
		} catch (SQLException e1) {
			LOGGER.debug("***SQL Code == " + e1.getErrorCode());
			return "changepswd.form";
		}

		return "redirect:home";
	}

}
